[jira] [Comment Edited] (SOLR-16048) Examine Tika dependencies that brought in javax classes

Tue, 22 Feb 2022 18:11:05 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-16048?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17496431#comment-17496431
 ] 

Kevin Risden edited comment on SOLR-16048 at 2/23/22, 2:10 AM:
---------------------------------------------------------------

This is implemented here: 
* 
https://github.com/apache/solr/blame/main/dev-tools/scripts/smokeTestRelease.py#L114
* 
https://github.com/apache/solr/blame/main/dev-tools/scripts/smokeTestRelease.py#L194


was (Author: risdenk):
This is implemented here: 

https://github.com/apache/solr/blame/main/dev-tools/scripts/smokeTestRelease.py#L114

> Examine Tika dependencies that brought in javax classes
> -------------------------------------------------------
>
>                 Key: SOLR-16048
>                 URL: https://issues.apache.org/jira/browse/SOLR-16048
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: contrib - Solr Cell (Tika extraction)
>            Reporter: Kevin Risden
>            Priority: Major
>
> SOLR-15989 Tika 1.28.1 upgrade brought in some javax packaged classes which 
> [~janhoy] caught with the smoketester. Details from [~janhoy] in SOLR-15989:
> {quote}This upgrade adds many parsers and dependencies. I ran the 
> smoketester, which introspects every jar looking for illegal "java.{*}" and 
> "javax.{*}" class files. These libararies were flagged by the smoke tester:
> {code:java}
> modules/extraction/lib/unit-api-1.0.jar" contains sheisty class 
> "javax/measure/Dimension.class"
> modules/extraction/lib/jakarta.activation-1.2.2.jar" contains sheisty class 
> "javax/activation/CommandInfo$Beans$1.class"
> modules/extraction/lib/jakarta.annotation-api-1.3.5.jar" contains sheisty 
> class "javax/annotation/security/PermitAll.class"
> jakarta.xml.bind-api:2.3.3 {code}
> I believes all jakarta libs are OK license wise, but strangely they use the 
> javax.xxx namespace instead of jakarta.xxx. The Units API (javax.measure.xxx) 
> seems to be in the same category, that it is a JSR implemented with an 
> allowed license.
> We have excluded several annotation jars elsewhere, that's why I raise this 
> here.
> I assume the correct action is to make exceptions for these pacakges in the 
> smoke tester. Any other insight?{quote}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to